A logging function used by multiple vendors' SFTP servers contains a format string vulnerability, which may allow an authorized remote attacker to execute arbitrary code or cause a denial of service.
SFTP (Secure FTP) is a file transfer application that uses SSH for encryption.
A remote authenticated attacker may be able to execute arbitrary code with the privilege of the user or cause a denial of service to the SSH server.
Upgrade or patch
Thanks to WRQ for reporting this vulnerability.
|Date First Published:||2006-02-13|
|Date Last Updated:||2006-02-15 14:51 UTC|